QR scan scams: Cyberattackers are diversifying their tactics

16 Mar 2023


A new report suggests there has been a surge in QR code scams, malicious advertising and PDF malware, as attackers adapt to a changing security landscape.

There has been a rise in “scan scam” campaigns, directing people to malicious links through QR codes, according to a new report by HP Wolf Security.

The report claims there has been a surge in these campaigns, with an almost daily occurrence detected between October and December last year.

The HP report said these scams trick users into scanning a QR code from their PC with their mobile devices, possibly to take advantage of weaker phishing protection on those devices.

These scam codes then direct users to malicious websites, which ask for credit or debit card details. One example of these phishing campaigns included links pretending to be parcel delivery companies seeking payment.

The HP report suggests that cybercriminals are diversifying their tactics to try to find new ways to breach devices and steal data.

The report also noted that Microsoft began blocking macros in Office files by default in February 2022, which appears to have been successful in blocking malicious code.

Alex Holland, an HP Wolf Security senior malware analyst, said malware distributors have been trying to work around this macro policy through “complex social engineering tactics”, but said these appear to be “proving less effective”.

“But when one door closes, another opens – as shown by the rise in scan scams, [malicious advertising], archives, and PDF malware,” Holland said. “Users should look out for emails and websites that ask to scan QR codes and give up sensitive data, and PDF files linking to password-protected archives.”

Various new tactics

As hinted by Holland, the report suggests a rise in other methods of attack, including a 38pc increase in malicious PDF attachments. These attacks also use embedded images that link to encrypted malicious ZIP files, to try to bypass web gateway scanners.

HP has also detected a rise in malicious advertising – or malvertising – where attackers buy ad space that links users to dangerous websites that look identical to a real website.

In the last quarter of 2022, HP detected 24 popular software projects being imitated through malvertising campaigns, compared to two in the previous year.

“While techniques evolve, threat actors still rely on social engineering to target users at the endpoint,” said HP global head of security for personal systems, Dr Ian Pratt.

“Organisations should deploy strong isolation to contain the most common attack vectors like email, web browsing and downloads,” Pratt said.

“Combine this with credential protection solutions that warn or prevent users from entering sensitive details onto suspicious sites to greatly reduce the attack surface and improve an organisation’s security posture.”


Leigh Mc Gowran is a journalist with Silicon Republic